General

  • Target

    b1a96491637227f123a51cc3d5484cb0

  • Size

    2.8MB

  • Sample

    231219-11g1xsheb8

  • MD5

    b1a96491637227f123a51cc3d5484cb0

  • SHA1

    0f3c2e73386d369e6e2166857514f7e133d74165

  • SHA256

    412e9f02a4f8be99894ebc8019ab7f767699e2cd7bb8a193a5384a249e7d9f65

  • SHA512

    1f3c21496998ff58c74399af0079048218f0fdb49f2f443e78c68665296429dfdc14b68c6a66179b27db365f0d9eb0400ae2cb9118949eeb48eead3fade3ded9

  • SSDEEP

    24576:5MMpXS0hN0V0HYSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0Np:qwi0L0q1VN0EG

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity: the sample is encrypting the files on the system and appending an extension to each.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks